| CVE-2025-24595 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins All Embed – Elementor Addons all-embed-addons-for-elementor allows Stored XSS.This issue affects All Embed – Elementor Addons: from n/a through <= 1.1.3. | medium | 2026-04-23 |
| CVE-2025-24594 | Missing Authorization vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.7. | medium | 2026-04-23 |
| CVE-2025-24593 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Reflected XSS.This issue affects Edwiser Bridge: from n/a through <= 3.0.8. | medium | 2026-04-23 |
| CVE-2025-24592 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS.This issue affects Customize My Account for WooCommerce: from n/a through <= 2.8.22. | high | 2026-04-23 |
| CVE-2025-24591 | Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.1. | high | 2026-04-23 |
| CVE-2025-24590 | Missing Authorization vulnerability in picu picu picu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects picu: from n/a through <= 2.4.0. | medium | 2026-04-23 |
| CVE-2025-24589 | Missing Authorization vulnerability in JS Morisset JSM Show Post Metadata jsm-show-post-meta allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JSM Show Post Metadata: from n/a through <= 4.6.0. | medium | 2026-04-23 |
| CVE-2025-24588 | Missing Authorization vulnerability in patreon Patreon WordPress patreon-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Patreon WordPress: from n/a through <= 1.9.1. | medium | 2026-04-23 |
| CVE-2025-24587 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nks Email Subscription Popup email-subscribe allows Blind SQL Injection.This issue affects Email Subscription Popup: from n/a through <= 1.2.23. | high | 2026-04-23 |
| CVE-2025-24586 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitsstech Shipment Tracker for Woocommerce shipment-tracker-for-woocommerce allows Reflected XSS.This issue affects Shipment Tracker for Woocommerce: from n/a through <= 1.4.23. | high | 2026-04-23 |
| CVE-2025-24585 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows Stored XSS.This issue affects Event post: from n/a through <= 5.9.7. | medium | 2026-04-23 |
| CVE-2025-24584 | Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.3.0. | medium | 2026-04-23 |
| CVE-2025-24583 | Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.16.5. | medium | 2026-04-23 |
| CVE-2025-24582 | Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.16.5. | medium | 2026-04-23 |
| CVE-2025-24581 | Missing Authorization vulnerability in Themefic Instantio instantio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instantio: from n/a through <= 3.3.7. | medium | 2026-04-23 |
| CVE-2025-24580 | Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.16.5. | medium | 2026-04-23 |
| CVE-2025-24579 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages wp-nested-pages allows Stored XSS.This issue affects Nested Pages: from n/a through <= 3.2.9. | medium | 2026-04-23 |
| CVE-2025-24578 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.0. | medium | 2026-04-23 |
| CVE-2025-24577 | Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.0. | critical | 2026-04-23 |
| CVE-2025-24576 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.7. | high | 2026-04-23 |
| CVE-2025-24575 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso HelloAsso helloasso allows Stored XSS.This issue affects HelloAsso: from n/a through <= 1.1.11. | medium | 2026-04-23 |
| CVE-2025-24574 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev WooCommerce Receipt Uploader pepro-bacs-receipt-upload-for-woocommerce allows Reflected XSS.This issue affects PeproDev WooCommerce Receipt Uploader: from n/a through <= 2.6.9. | high | 2026-04-23 |
| CVE-2025-24573 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softaculous PageLayer pagelayer allows DOM-Based XSS.This issue affects PageLayer: from n/a through <= 1.9.4. | medium | 2026-04-23 |
| CVE-2025-24572 | Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Cross Site Request Forgery.This issue affects WP Fast Total Search: from n/a through <= 1.78.258. | medium | 2026-04-23 |
| CVE-2025-24571 | Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through <= 1.78.258. | medium | 2026-04-23 |
| CVE-2025-24570 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Stored XSS.This issue affects Atarim: from n/a through <= 4.0.8. | high | 2026-04-23 |
| CVE-2025-24569 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder pdf-generator-addon-for-elementor-page-builder allows Path Traversal.This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through <= 1.7.5. | high | 2026-04-23 |
| CVE-2025-24568 | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates astra-sites allows Cross Site Request Forgery.This issue affects Starter Templates: from n/a through <= 4.4.9. | medium | 2026-04-23 |
| CVE-2025-24567 | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.16.0. | medium | 2026-04-23 |
| CVE-2025-24566 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomáš Groulík Intro Tour Tutorial DeepPresentation dp-intro-tours allows Reflected XSS.This issue affects Intro Tour Tutorial DeepPresentation: from n/a through <= 6.5.2. | high | 2026-04-23 |
| CVE-2025-24565 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.3.3. | high | 2026-04-23 |
| CVE-2025-24564 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through <= 4.2.5. | high | 2026-04-23 |
| CVE-2025-24563 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeglow Cleanup – Directory Listing & Classifieds WordPress Plugin cleanup-light allows Reflected XSS.This issue affects Cleanup – Directory Listing & Classifieds WordPress Plugin: from n/a through <= 1.0.4. | high | 2026-04-23 |
| CVE-2025-24562 | Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access KBucket kbucket allows Stored XSS.This issue affects KBucket: from n/a through <= 4.1.6. | high | 2026-04-23 |
| CVE-2025-24561 | Cross-Site Request Forgery (CSRF) vulnerability in awcode ReviewsTap reviewstap allows Stored XSS.This issue affects ReviewsTap: from n/a through <= 1.1.2. | high | 2026-04-23 |
| CVE-2025-24560 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through <= 2.7.1. | high | 2026-04-23 |
| CVE-2025-24559 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a through <= 1.8.15.0. | medium | 2026-04-23 |
| CVE-2025-24558 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks support-x allows Reflected XSS.This issue affects CRM Perks: from n/a through <= 1.1.5. | high | 2026-04-23 |
| CVE-2025-24557 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plainware PlainInventory z-inventory-manager allows Reflected XSS.This issue affects PlainInventory: from n/a through <= 3.1.5. | high | 2026-04-23 |
| CVE-2025-24555 | Cross-Site Request Forgery (CSRF) vulnerability in subscriptiondna Subscription DNA subscriptiondna allows Stored XSS.This issue affects Subscription DNA: from n/a through <= 2.1. | high | 2026-04-23 |
| CVE-2025-24554 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode AWcode Toolkit awcode-toolkit allows Reflected XSS.This issue affects AWcode Toolkit: from n/a through <= 1.0.14. | high | 2026-04-23 |
| CVE-2025-24553 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akadrama Shipping with Venipak for WooCommerce wc-venipak-shipping allows Reflected XSS.This issue affects Shipping with Venipak for WooCommerce: from n/a through <= 1.22.3. | high | 2026-04-23 |
| CVE-2025-24552 | Generation of Error Message Containing Sensitive Information vulnerability in paytiumsupport Paytium paytium allows Retrieve Embedded Sensitive Data.This issue affects Paytium: from n/a through <= 4.4.11. | medium | 2026-04-23 |
| CVE-2025-24551 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oneteamsoftware Radio Buttons and Swatches for WooCommerce variations-radio-buttons-for-woocommerce allows Reflected XSS.This issue affects Radio Buttons and Swatches for WooCommerce: from n/a through <= 1.1.20. | high | 2026-04-23 |
| CVE-2025-24550 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JobScore Job Manager job-manager-by-jobscore allows Stored XSS.This issue affects Job Manager: from n/a through <= 2.2. | medium | 2026-04-23 |
| CVE-2025-24549 | Cross-Site Request Forgery (CSRF) vulnerability in Mahbubur Rahman Post Meta post-meta allows Reflected XSS.This issue affects Post Meta: from n/a through <= 1.0.9. | high | 2026-04-23 |
| CVE-2025-24548 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Autoglot Autoglot – Automatic WordPress Translation autoglot allows Reflected XSS.This issue affects Autoglot – Automatic WordPress Translation: from n/a through <= 2.4.7. | high | 2026-04-23 |
| CVE-2025-24547 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthias.wagner Caching Compatible Cookie Opt-In and JavaScript caching-compatible-cookie-optin-and-javascript allows Stored XSS.This issue affects Caching Compatible Cookie Opt-In and JavaScript: from n/a through <= 0.0.10. | medium | 2026-04-23 |
| CVE-2025-24546 | Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance ultimate-coming-soon allows Cross Site Request Forgery.This issue affects Ultimate Coming Soon & Maintenance: from n/a through <= 1.0.9. | medium | 2026-04-23 |
| CVE-2025-24545 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Validation bsk-gravity-forms-custom-validation allows Reflected XSS.This issue affects BSK Forms Validation: from n/a through <= 1.7. | high | 2026-04-23 |
